Archive for November, 2005
Anyone who has used a Macintosh in a network environment for several years will remember a feature from OS 9 and earlier versions that allowed you to save logon credentials for a network volume. This would allow users to have those network volumes automatically mount on the Mac desktop when the user logged in on the Mac. As with many other features of the new operating system, this functionality changed with the release of OS X. As a result, there is no longer a simple checkbox that a user can enable to have a network volume automatically mount when the user logs in.
There are several ways to recover this functionality, however. This document details one of the simpler methods. Given the intended audience for this document, there are several assumptions being made.
- The Macintosh is running Mac OS 10.4 or later.
- The server providing the network volumes is running SBS 2003.
- The Macintosh is accessing shares on the SBS server through SMB, not AppleTalk.
I’ve been assisting a client of mine in California with getting a number of Macs connected to a new SBS 2003 server for one of his installations. We have been able to get most of the issues resolved, but he hit me with one recently that I couldn’t nail down immediately. One of the newer Macs could not load http://companyweb from Safari.
At the time of his request, I was off site, and as a quick check, I made a VPN connection to another client site from my PowerBook and attempted to load companyweb from that site in Safari. I couldn’t make an immediate connection, which I wrote off as DNS. However, I did try to connect using the SSL interface to companyweb: https://servername:444/ which connected immediately. I was prompted for a username and password (understandable since the Mac does not have Windows authorization credentials cached) and got in to browse through all of the pieces of companyweb.
I reported this back to my client, but wanted to do a full examination in my test network. Here’s what I found…
I was called in to work with a client this week who was having some trouble with employees who were connecting to the network via VPN. The basic problem was this: when the employees made a VPN connection and tried to load the companyweb web site, they got directed to someplace else altogether. When they tried to connect to companyweb from machines on the internal network, no problems.
The core problem boiled down to the internal domain name space. It was the same as their public DNS name. I.e., their internal domain was smallbizco.net (not their real domain) and their public domain was smallbizco.net.
I was able to give them a workaround ( use the URL https://SBSserverIPaddress:444/ ) since they couldn’t implement the real solution, which is to rename the internal domain with a private, non-routable namespace (such as smallbizco.local or smallbizco.lan).
Every SBS consultant worth his or her salt will tell you that you never, EVER use a public domain name for your internal domain name. DNS lookup failures, like the ones experienced here, are the reason why. And had this client set up the internal domain name correctly, they could have avoided this problem.
However, the real reason WHY it was failing was because of what I now believe is a flaw in the way Windows handles VPN connections, not only because they used a public DNS namespace for their internal domain. What follows is how I determined that the problem lies with Windows and not solely with the client.
Since the Macintosh platform does not interact with the default authentication requirements of ISA 2004 for web and non-web access, you have to create a special ISA configuration to allow outbound Internet access for Macs.
The remainder of this post will give step-by-step instructions for setting up the ISA configuration.
I was working with another SBS consultant on an issue where the majority of his client sites were not receiving alerts from Sharepoint, not even the e-mail messages identifying that an alert had been created.
In a reversal of my usual approach, I’ll give you the solution, then tell you how we approached the troubleshooting.
Turns out that, based on a message from SBS MVP Les Connor that’s posted on SBS MVP Kevin Weilbacher’s site, my client had enabled the Filter Messages with Blank Sender in the Exchange System Manager Message Delivery section. Once we disabled that setting, the Sharepoint alerts started flowing as expected.
Alternately, you can set a From address in the Sharepoint Central Administration settings. From Administrative Tools, open Sharepoint Central Administration. Then go to Configure Virtual Server Settings, Companyweb, Virtual Server E-mail Settings, and enter a valid address in the From Address: field.
While the default SBS install creates a stable DHCP server configuration (when DHCP is enabled on the SBS server, and it should be), sometimes there are reasons to have a network device receive a consistent IP address on the internal network. This could be a network-aware printer that needs a fixed IP or if you need to group a set of workstations in a specific IP address range for ISA. This post covers the steps to follow to create a DHCP reservation on an SBS 2003 server.